1. Field of the Invention
The present invention relates to information processing apparatuses and methods, and computer programs therefor for decrypting content encrypted for copyright protection or other purposes. In particular, the present invention relates to information processing apparatuses and methods, and computer programs therefor for decrypting content encrypted and transmitted over an Internet protocol (IP) network.
More specifically, the present invention relates to an information processing apparatus and method, and a computer program therefor for decrypting encrypted data input as a long byte stream, such as a Transmission Control Protocol (TCP) stream, with dynamically changing decryption keys. In particular, the present invention relates to an information processing apparatus and method, and a computer program therefor for decrypting a byte stream without interrupting processing at a key change point where the key being used is exchanged.
2. Description of the Related Art
Recently, content distribution and delivery services for providing content, such as video and music, over networks have increasingly been provided. Such services allow content distribution to be carried out between remote terminals over networks without the need to move media such as compact disks (CDs) and digital versatile disks (DVDs). Content to be handled over networks is protected under copyright laws as one of copyrighted works against unauthorized use such as unauthorized copying or tampering. In the Copyright Law of Japan, the reproduction of a work by a user him/herself for the purpose of his/her personal or home use would be permitted under Article 30, whereas, the use of copies of a work for purposes other than the personal or private use would be prohibited under Article 49 (1).
Since such content is digital data and is vulnerable to unauthorized access and modification such as copying and tampering, there is a demand for protection against unauthorized use in view of not only legal but also technical solutions while permitting the personal or home use of the content.
With the recent increasing utilization of digital content, a number of technologies for the purpose of copyright protection have been developed. For example, the Digital Transmission Content Protection (DTCP) standard, which is an industry standard for protecting digital transmission content, defines a mechanism for content transmission in a copyright-protected environment (see, for example, DTCP Specification Volume 1 Revision 1.4 (Informational Version), which is available from the world wide web at the “dtcp.com” website).
In DTCP, a protocol for authentication between devices for content transmission and a protocol for transmission of encrypted content are specified. In summary, the specification defines that a DTCP-compliant device should not send any easy-to-use, compressed content, such as MPEG (Moving Picture Experts Group) content, to outside the device in the unencrypted form, that key exchange necessary for decryption of encrypted content should be carried out according to a predetermined authentication and key exchange (AKE) algorithm, and that the range of devices through which key exchange is performed using AKE commands should be limited.
A content provider, or a server (DTCP source), and a content consumer, or a client (DTCP sink), share a key through an authentication procedure by sending and receiving AKE commands. The key is used to encrypt a transmission line to perform content transmission. An unauthorized client could not obtain a cryptographic key unless it has successfully been authenticated with the server, and thus could not receive the content. Further, by limiting the number and range of devices that transmit and receive AKE commands, the use of the content can be limited to personal or home use, as defined by copyright law.
Initially, DTCP defines transmission of digital content over a home network using a transmission line such as IEEE 1394. Recently, the development of a sophisticated technology, called DTCP-IP, in which IEEE-1394-based DTCP technology is incorporated into IP network technology has advanced. Since most home networks are connected via routers to external wide area networks such as the Internet, the establishment of DTCP-IP technology provides flexible and efficient use of digital content over an IP network while protecting the content.
Although DTCP-IP technology is fundamentally involved in the DTCP standard and is a DTCP-resembling technology in which DTCP technology is incorporated into IP network technology, DTCP-IP technology is different from the original, IEEE-1394-based DTCP technology in that an IP network is used as a transmission line and that encrypted content is transmitted using the HTTP or RTP protocol. Since a variety of devices, such as personal computers (PCs), are connected to the IP network, there is a high risk of eavesdropping or tampering of data. Therefore, DTCP-IP further specifies a method for transmission of content over the network while protecting the content although it is fundamentally a DTCP-resembling technology in which DTCP technology is incorporated into IP network technology (see, for example, DTCP Specification Volume 1 Supplement E Mapping DTCP to IP, Revision 1.1 (Informational Version), which is available from the world wide web at the “dtcp.com” website).
A content transmission procedure according to DTCP-IP will be described. DTCP-compliant devices are classified into two types, i.e., one referred to as “DTCP_Source”, and the other as “DTCP_Sink”. A DTCP_Source device serving as a server device receives a request for content, and transmits the content. A DTCP_Sink device serving as a client device requests content, receives the content, and plays back or records the content.
FIG. 10 illustrates a mechanism for performing an AKE-based key exchange procedure between a DTCP_Source device and a DTCP_Sink device and performing encrypted content transmission using a key shared through the key exchange procedure. In the illustrated example, the content transmission is performed using the HTTP protocol.
First, the DTCP_Source device and the DTCP_Sink device establish a single TCP/IP connection, and authenticate each other. This authentication is referred to as a “DTCP authentication” or an “AKE (Authentication and Key Exchange)”. A DTCP-compliant device has a unique device ID and authentication key Kauth embedded therein by a certification organization called DTLA (Digital Transmission Licensing Administrator). In the DTCP authentication procedure, after the DTCP_Source device and the DTCP_Sink device use such information to verify that they are authorized DTCP-compliant devices, the authentication key Kauth for encrypting or decrypting content, which is managed by the DTCP_Source device, can be shared between the DTCP_Source device and the DTCP_Sink device.
When the AKE procedure succeeds, the DTCP_Source device and the DTCP_Sink device individually perform similar internal processing to generate a seed key Kx, which is the seed of a content key, from the authentication key Kauth. The seed key Kx is used to generate a content key Kc when the content is transmitted (discussed below).
After performing the AKE-based authentication and key exchange procedure between the DTCP-compliant devices, the DTCP_Sink device requests content on the DTCP_Source device. The DTCP_Source device can notify in advance the DTCP_Sink device of the content location for accessing the content on the DTCP_Source device via a content directory service (CDS) or the like. The DTCP_Sink device may use a protocol, such as HTTP (Hyper Text Transfer Protocol) or RTP (Real Time Protocol), to request the content.
As illustrated in FIG. 10, when the content is requested according to the HTTP procedure, the DTCP_Source device serves as an HTTP server and the DTCP_Sink device serves as an HTTP client, between which the transmission of the content is initiated. When an RTP-based transmission is requested, the DTCP_Source device serves as an RTP sender and the DTCP_Sink device serves as an RTP receiver, between which the transmission of the content is initiated. Other transmission protocols, such as RSTP (Real Time Streaming Protocol), may also be adopted.
When content transmission is performed according to HTTP, the HTTP client creates a TCP/IP connection for HTTP, which is different from the TCP/IP connection for the DTCP authentication (that is, each of the DTCP_Source device and the DTCP_Sink device has individual sockets for the AKE procedure and content transmission (a socket is a set of an IP address and a port number)). The HTTP client requests content on the HTTP server according to a similar operation procedure to the standard HTTP procedure. The HTTP server returns the requested content as an HTTP response.
The data transmitted as the HTTP response is data into which the HTTP server, i.e., the DTCP_Source device, encrypts the content using the key shared through the AKE authentication.
Specifically, the DTCP_Source device generates a nonce Nc using random numbers, and generates the content key Kc based on the seed key Kx and nonce Nc. The DTCP_Source device encrypts the content requested by the DTCP_Sink device using the content key Kc, and sends a TCP stream carrying the encrypted content and the nonce Nc to the DTCP_Sink device. Under the IP protocol, the TCP stream is divided by a predetermined packet size as a unit into packets to produce IP packets by adding headers to the packets, and the IP packets are delivered to a specified IP address (see, for example, RFC (Request For Comment) 791 INTERNET PROTOCOL).
Upon receiving the IP packets from the DTCP_Source device, the DTCP_Sink device reassembles the received IP packets into the TCP stream. The nonce Nc extracted from the stream and a key Kx determined from the authentication key Kauth are used to determine the content key Kc. The content key Kc is used to decrypt the encrypted content. The decrypted plaintext content is played back or recorded.
Accordingly, DTCP-IP can provide a secure content transmission protocol even over an IP network, which enables the content to be protected against eavesdropping or tampering in the middle of the transmission line by performing authentication between DTCP-compliant devices to share a key between the DTCP-authenticated devices and encrypting and decrypting transmission content.
Encrypted communication is common for protection of data being communicated. However, if the same cryptographic key is continuously used, the risk of breaking the key increases. A general solution is to change the cryptographic key regularly, every specific data length, or at any time during data communication.
For example, in wireless local area network (LAN) systems vulnerable to eavesdropping, security based on Wired Equivalent Privacy (WEP) is generally used. However, such WEP-based security is so weak that the key used to encrypt consecutive packets can easily be guessed, and, if the same WEP key is continuously used for a long time, the key can be broken. Nevertheless, since it takes some time to break the WEP key, changing the WEP key at regular time intervals can prevent the WEP key from being broken (see, for example, Japanese Unexamined Patent Application Publication No. 2005-117458). Even if the WEP key is broken, the WEP key is changed regularly, and thus the encrypted content could not be decrypted with the broken key, which is safe.
Further, if the same cryptographic key is continuously used across an entire long TCP stream, the risk of breaking the key increases. In DTCP-IP, therefore, it is specified that a source device should update the nonce Nc, or the content key Kc, every 128 MB of content (see, for example, DTCP Volume 1 Supplement E Mapping DTCP to IP, Revision 1.1 (Informational Version), which is available from the world wide web at the “dtcp.com” website). In a byte stream, the range of data that is encrypted using the content key Kc generated from the same nonce Nc is used as a unit of decryption by which decryption is performed using the same key.
However, in an apparatus for receiving and decrypting encrypted data as a byte stream over a network, such as TCP/IP, or from a file system and processing the decrypted data and a program therefor, if the key for decryption is changed in the middle of the data, the decryption processing may be interrupted at the key change point where the key being used is changed.
FIG. 11 schematically illustrates a functional structure of a communication apparatus of the related art that receives a byte stream transmitted with decryption keys changed in the middle of the stream. Encrypted data delivered in the form of the byte stream over a network or from a file system is data with decryption keys changed in the middle.
A receiving section handles a range of data in the input encrypted data, which is decrypted using the same key, as a single unit of decryption (in FIG. 11, encrypted data 1, encrypted data 2, . . . ), and sequentially transfers the data units to a decrypting section downstream from the receiving section.
When the key is changed on the byte stream, the decrypting section is not allowed to change the key until all encrypted data in the unit of decryption by which the data unit is decrypted using the previous key has been decrypted, thus preventing the encrypted data in the unit of decryption by which the data unit is decrypted using the changed key from being input.
In this case, upon receiving encrypted data, the receiving section continuously buffers or holds the received data until the decrypting section is allowed to change the decryption key, and is not able to smoothly perform the processing on the data. For example, even when the next IP packet arrives, if the decryption processing using the previous decryption key has not been completed and the receiving buffer is full, re-transmission is enabled due to the packet receiving error.